1
Unit 7 – Organisational Systems Security
Organisation rules and guidelines
2
Employment contracts
Explain how employment contracts can affect security.
3
Employment contracts and security
- Hiring policy
- Separation of duties
- Ensuring compliance / disciplinary procedures
- Training and communication of responsibilities
4
HCT ‘Recruitment & Selection’
- Read the policy (on wiki)
- Identify the areas you think relate to security
5
Hiring policy
- Recruitment and promotion
- National employment laws
Should check potential employee’s:
- Background
- Previous employment record
- References
- Criminal record
- Ability to complete an assessment task
- Probationary period
6
Separation of Duties
- What do you think this means?
- How can it affect security?
7
Separation of duties
- Avoid reliance on one individual
- Give critical tasks to a team; each task has a knowledgeable deputy
- Applies equally to knowledge of the system
- Includes:
  - VPN
  - Firewall
  - Anti-virus
  - System overview
8
Disciplinary procedures
Task: A colleague has suggested that you have downloaded an expensive application from the company’s server and are going to use it at home. This is a breach of company policy and the law. What should happen? Describe the steps you think should occur.
9
Disciplinary procedures
- Any infringement needs to be dealt with fairly
- Process infringements to avoid false accusations
- Possible steps:
  - Independent investigation
  - Suspension (with pay)
  - Police involvement (any criminal matter)
10
Training and Communication
Employer has responsibility:
- to train staff
- to maintain regular communication
- to ensure staff are aware of their responsibilities
How can this be accomplished?
11
Task 2 (P5)
In this section of your report you should explain how employment contracts can help security. Give examples. This section of your report should be at least 500 words in length.
Hints: You should cover:
- Hiring policy
- Separation of duties
- Disciplinary procedures
- Staff training and responsibilities
12
Task 3 (P6)
In this section of your report you should explain the legislation related to security and privacy of data. This part of the report should be about 500 words in length.
Hints: You should cover:
- Computer Misuse Act (1990)
- Copyright, Designs and Patents Act (1988)
- Data Protection Acts (1984, 1998, 2000)
- Freedom of Information Act (2000)
13
Task 3
- When you introduce the legislation you are talking about, use its full title including the date (and capital letters). E.g. Computer Misuse Act (1990)
- You may quote relevant sections of the act. E.g. This act covers 4 offences “Unauthorised access with intent to commit or facilitate commission of further offences.”
- Make sure you reference accurately.
- Explain in your own words what the act does, e.g. This act makes it illegal to interfere with a computer unless authorised to do so.
14
Data Protection Act 1998
- Framework for handling data
- Gives individuals the right to know what info is held
- If you process data you must register with DPA registrar and ensure that personal information is:
  - Fairly and lawfully processed
  - Processed for limited purposes
  - Adequate, relevant and not excessive
  - Accurate and up-to-date
  - Not kept for longer than necessary
  - Processed in line with your rights
  - Secure
  - Not transferred to other countries without adequate protection
15
Data Protection Act 1998
What do the eight principles of the Data Protection Act 1998 cover?
16
Freedom of Information Act 2000
- Access to official information
- Individuals or organisations have the right to request information from:
  - Any public authority – including local and central government
  - The police
  - NHS
  - Colleges and schools
- They have 20 days to provide the information.
- May refuse if the information is exempt, e.g. if releasing the information could prejudice national security or damage commercial interests.
- Examples:
- Personal information is NOT covered by this act!
17
Computer Misuse Act 1990
Three offences:
- Unauthorised access to any computer program or data, e.g. using someone else’s logon ID and password
- Unauthorised access with intent to commit a serious crime
- Unauthorised modification of computer contents, i.e. impairing the operation of a computer, a program or the reliability of data; includes preventing access to any program or data. E.g. the introduction of a virus, modifying another user’s files or changing financial or administrative data.
Minor changes to tighten up the act were introduced through the Police and Justice Act 2006, which made unauthorised acts with intent to impair the operation of a computer illegal.
18
Copyright, Designs and Patents Act (1988)
- If you didn’t create it, it isn’t yours!
- No official registration system
- Rights start as soon as something is recorded, written, painted etc.
- Don’t need Copyright symbol ©
- Duration:
  - 70 years after death for written work
  - 50 years from 1st recording for sound recording
  - 70 years after death for films (director/screenplay/dialogue/soundtrack)